CVE-2020-7799

EUVD-2020-28731
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
Expression Language Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
fusionauthfusionauth
𝑥
< 1.11.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html
https://fusionauth.io/docs/v1/tech/release-notes
https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt
https://seclists.org/bugtraq/2020/Jan/39
http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html
https://fusionauth.io/docs/v1/tech/release-notes
https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt
https://seclists.org/bugtraq/2020/Jan/39